The "fake" user/profile should work like a duress pin with addition of deniability. So as soon as you log in to the second profile all the space becomes free. Just by logging in you would delete the encryption key of the other profile. The actual metadata that show what is free or not were encrypted in the locked profile. Now gone.
Sorry I explained it poorly and emphasized the wrong thing.
The way it would work is not active destruction of data just a different view of data that doesn’t include any metadata that is encrypted in second profile.
Data would get overwritten only if you actually start using the fallback profile and populating the "free" space because to that profile all the data blocks are simply unreserved and look like random data.
The profiles basically overlap on the device. If you would try to use them concurrently that would be catastrophic but that is intended because you know not to use the fallback profile, but that information is only in your head and doesn’t get left on the device to be discovered by forensic analysis.
Your main profile knows to avoid overwriting the fallback profile’s data but not the other way around.
But also the point is you can actually log in to the duress profile and use it normally and it wouldn’t look like destruction of evidence which is what current GrapheneOS’s duress pin does.
The main point is logging in to the fake profile does not do anything different from logging in to the main profile. If you image the whole thing and somehow completely bypass secure enclave (but let's assume you can't actually bruteforce the PIN because it's not feasible) then you enter the distress PIN in controlled environment and you look at what writes/reads it does and to where, even then you would not be able to tell you are in the fake profile. Nothing gets deleted eagerly, just the act of logging in is destructive to overlapping profiles. This is the only different thing in the main profile. It know which data belongs to fallback profile and will not allocate anything in those blocks. However it's possible to set up the device without fallback profile so you don't know if you are in the fallback profile or just on device without one set up.
Hopefully I explained it clearly. I haven't seen this idea anywhere else so I would be curious if someone smarter actually tried something like that already.
What you say makes sense, just like the true/veracrypt volume theory. I can't find the head post to my "that's why you image post" but what concerns me is differing profiles may have different network fingerprints. You may need to keep signal and bitlocker on both, EVERYTIME my desktop boots a cloud provider is contacted -- it's not very sanitary?
It"s a hard problem to properly set up even on the user end let alone the developer/engineer side but thank you.
Same thing happened to me -- had a large vice grip in the duffel bag. Could have killed somebody over the head with it. They looked at their "regulations" and vice grips weren't on it so they let me through. You know who didn't let it through though - I left it in the bag and the Chinese security confiscated it on the way back.
btw don't try that with something that is on their list like ammo, even one bullet. Your life will be ruined.
> btw don't try that with something that is on their list like ammo, even one bullet. Your life will be ruined.
I've done that too. You travel so aggressively, eventually you have some oopsies.
I went through a stint where I was driving for work, and working with a bunch of people in a woodsy state. A guy would take us shooting, and he asked me to buy a box of ammo to replace what I shot - so 20 bucks for 500 rounds of .22 caliber ammo.
Next time I flew was the first time I had actually been selected for TSA precheck - you know, the Trusted Traveler program and you can guess what I left in my carry-on. I was very apologetic and had to talk to a very grumpy city police officer, but it was fine. I paid a fine of $130, and that was it - they offered to let me check my bag to keep the munitions too!
It has never even come up with my 3 Global Entry interviews either. And yes - I live in a blue state.
Obviously don't do it. It wasn't a problem for me, but very much YMMV. I know someone else who got dinged for having a banana they bought in a foreign airport, and that continues to come up in their Global Entry interviews. Live ammunition < Bananas, apparently.
Eh. I accidentally did that. We were on a trip to visit family and a relative took my kids to a shooting range. One of them didn’t completely empty their pockets afterward and we realized that when the TSA agent asked why we had a bullet in our carryon. My blood kinda froze, then the same agent asked if I’d like him to discard it for me. I said I’d appreciate that very much and he did so. He went on to say that, being near the headquarters of Bass Pro, that this happens all the time. I used it as a teachable moment to explain to my kids that this might be their one-time free pass and to never, ever, do that again.
This is exactly my experience - I have a Lenovo W530 from 2013, it has an i7, 32gb RAM and SSDs (RAID0 for performance, backups are off-device) - and it is STILL lightning fast.
However - EVERY single trick I have tried... the above command, LTSC, Enterprise edition, etc, results in a situation where after installation a few days (or hours) and some updates get installed, and... blue-screen-of-death on every boot.
Gave up, installed Linux - still working through some issues (GPU driver compatibility), but overall it is a much better experience...
I think at a certain point you need to just call it quits with that sort of bullshit. I have my dignity. I'm a fucking grown adult. I'm not going to spend my spare time haplessly looking online to unfuck the new current set of fuckery. Just take the fucking bullet. Learn linux. Congrats you're playing whack-a-mole with a trillion dollar corporation and prolonging your misery. This is stupid.
Yeah, microsoft will never change otherwise. People and companies continue to willingly allow themselves to get abused, and then wonder why Microsoft never changes and continues to abuse them.
So long as said abuse never results in a loss of marketshare and revenue, it will continue. Why would they stop if there's no negative repercussions?
Win8.1 x64 required double-width compare and exchange instruction support, so people who bought Win8 for a CPU or motherboard that didn't support it had to downgrade to the 32-bit version or lose support in 2016.
Win7 updates from 2018 onwards required SSE2 with no warning.
Win11 24H2 and later won't install on x86 processors that don't support the x86-64-v2 baseline.
From my experience it seems to happen all the time. Settings reset, uninstalled apps reinstalled, firewall settings erased. I went looking for the Windows 10 patch that deleted the Documents folder if you had remapped it to another drive, and it was hard to find an article due to all the other times their updates have also deleted people's Documents folder. This was the first time I recall it happening: https://www.engadget.com/2018-10-09-windows-10-october-updat...
That's, e.g., how I would determine what these commands do
I have had HN replies in the past that argued Windows is open source and thus comparable to UNIX-like OS projects where _the public_ can read the source code and make modifications, _for free_
Absent the source code, we can read Microsoft's documentation
The other thing to tell you is that this is not a live version of windows with all the features of the full desktop. It is the windows that runs the windows installer application, so enough windows to do that and no more.
Whenever I see an unexplained command I don't understand from a random internet forum, I hop onto the production server and run it, just in case it might boost performance. Wouldn't want to miss out on that.
Been doing it since I was 12. It taught me all about the ins and outs of `rm`.
Sounds like me back in the early 80s when I used to war dial, and people used to share "active" prefixes. I learned all about the 911 prefix when I set my dialer and went to sleep. About 20 minutes later the cops were banging on my front door. True story; I was in 6th grade, got arrested for it.
I got taken to juvenile hall, put in a holding area with kids that had stolen cars and stabbed other kids in fights. The funny thing is all these "bad kids" were really cool; we talked about video games (Donkey Kong!). I remember one kid got into a fight with his football coach and broke both the coach's legs. He was a big kid, looked like a grown man. He was pretty much in charge of the holding area. But he was cool as hell, cracked jokes with me. I actually kinda enjoyed the holding area.
Anyway, the officials thought I had just called 911 over and over, like to play a prank. They wouldn't hear anything about my computer or whatever (it was the early 80s). They were pissed. I was kept in the holding area for a few hours, then they let me go home. I was ordered to a bunch of community service, cleaning the parking lots of local parks, stuff like that.
Some of the checks are around CPU features that they don’t currently use but may use in the future. And CPUs don’t typically respond super gracefully to being asked to execute instructions they don’t understand.
It's flagged because its historically not Hacker News. Many of the newer accounts seem to bias towards using this forum as a "reddit" to discuss how much they hate the current administration or their mental issues. The technical "hacker" content is getting less and less -- thank God for https://lobste.rs/.
So that's all fine and maybe hackers should just change be a reddit forum, but don't take it personally or be surprised if 15 old accounts are flagging your posts. I say this noting that the account you posted from is only 9 months old.
We historically haven't had an administration like this either. People need to get over politics creeping into their every day life because that's what it's actually doing. We're at the point where the government is using tech to police and surveil the public and many of the CEOs of tech companies are openly coordinating with the President. Tech is politics at this point.
Hating the current administration is one of the top technical issues on my mind. There is a substantial chance that all US-EU software collaboration is going to get blown up in the next few months if Trump makes good on his threats to invade Greenland, just as international trade has been reoriented around his illegal tariffs and responses to them.
When Trump decides to destroy your life, as he's destroyed so many others, I hope you'll find supporters who aren't so determined to ignore the inconvenience as you.
Wow, thanks for this! I normally don't login to HN and comment anymore due to all the reddit-style comments - especially the constant hate for the US and the President. Thanks for giving me another outlet to review tech-related stuff.
Is it a 13 or 16? I have a Intel gen 12 framework 13 and it feels solid except the display is a little wobbly. The original display tended to swing in a heavy wind a bit much, but they improved the hinge at some point.
San Fransisco looked at replacing their metal ladders with wood and decided to keep making the wood ones. Sometimes there's good reasons to keep the old material, the least of which is that metal conducts electricity. Unfortunately there's not many people left that can maintain it and it's probably cheaper to just keep ordering metal replacements. It still doesn't mean it's better.
Gemini's native protocol isn't HTTP, they invented their own. I don't really see what this does you couldn't do with simple HTML pages (or Gopher 35 years ago).
Even simple HTML pages may require Javascript and want to run code on your computer or phone. You need knowledge of the document, knowledge of its author, or constant keepup and awareness of browser settings (e.g. did some update re-enable Javascript) to mitigate this.
A .gmi is 100% certain not to need any extra code capable of potential unwanted external communications, not now and not in the future.
Also .gmi is extremely simple and can be rendered very simply (and thus more securely) because it can be processed nearly statelessly line by line, without need of a rendering tree or document model.
... which looks even more stupid when you can force quite a number of browsers to get you something through gopher if you just pretend it's http on port 70. of course you have to self interpret the result, but gophermaps are quite readable. :)
Poor people should have Amazon prime because it doubles as fast delivery, and zero other streaming services. Staying in is always going to be cheaper than going out so some entertainment at home is a good idea.
reply